[LLVMdev] The difference between BoundsChecking.c annd AddressSanitizer

Nuno Lopes nunoplopes at sapo.pt
Sat Sep 7 08:31:37 PDT 2013


BoundsChecking.c is the code that implements clang's -fsanitize=bounds.
Address sanitizer (ASan) and this bounds checker (BC) are very different in 
implementation, overheads, and class of detected bugs.

The motivation of BC was to be able to ship applications with it enabled. 
Therefore it targets a low overhead of a few %.  It can only catch buffer 
overflows where the memory allocation and the memory accesses occur within 
the same function.  Addresses that are stored and then loaded from the 
memory will likely escape the control.

ASan is more of a debug tool.  It has a significant higher overhead (around 
2x).  In addition to buffer overflow, it can also detect use-after-free and 
double-free kind of bugs.  ASan's buffer overflow detection is significantly 
more comprehensive than BC's. You can read more at 


----- Original Message -----
> Hello everyone,
> I have noticed that there is a BoundsChecking.c under
> lib/Transforms/Instrumentation/. I am wondering how to use this tool and
> which type of bugs it targets. Are the tool provide the same functionality
> with Address Aanitizer?
> Thanks a lot 

More information about the llvm-dev mailing list